On February 13th, Wordfence Threat Intelligence team discovered a vulnerability in wpCentral, a WordPress plugin installed on over 60,000 sites.
The flaw allowed anybody to escalate their privileges to those of an administrator, including subscriber-level users.
The vulnerability also allowed for remote control of the site via the wpCentral administrative dashboard.
This was reported as a high severity security issue that could cause severe impact to your site. We highly recommend updating to the latest version, 1.5.2, immediately.
More details on the Wordfence blog.